Description

Technical Field 

The present invention relates to a system for granting access to a
secure facility, and more particularly to an authentication procedure.

Background of the Invention 

A challenge for those who provide secure facilities is to exclude all
unauthorized persons seeking entry while simultaneously making
authentication procedures as convenient as possible for both authorized
persons and facility administrators. Such goals are frequently
incompatible with each other.

The use of a password is perhaps the simplest and least expensive
technique for providing access security. Additionally, passwords are
relatively easy to change. However, there are problems with passwords:
when they are fixed for long periods of time the chances of guessing
them are improved, and when they are changed too frequently they are
forgotten by the rightful users. Further, when passwords are
transmitted across an interface, they can be intercepted by anyone with
the proper monitoring equipment.

In one known system, a common secret code is stored within each of two
devices (key and lock). The secret codes are logically combined with a
random number, available to each device, and the resulting numbers are
compared with each other for identity. This technique is generally
employed by various data communication systems (see e.g. "Locking Up
System Security" - Electronics Week, February 18, 1985, regarding Intel
Corporation's 27916 KEPROM™ Keyed Access EPROM). Advantageously, the
secret code itself need never be transmitted, so that an electronic
intruder, monitoring interface signals, sees only the random data
(challenge) and the modified random data (response), which are
insufficient to teach the correct response to subsequent challenges.
Unfortunately, this technique stores the same secret code in all keys,
which precludes selective revocation of lost or stolen keys.

One way to prevent tampering with private information in electronic
systems is the use of cryptosystems (i.e., methods for encrypting, or
transforming, information so that it is unintelligible and, therefore,
useless to those who are not meant to have access to it). Ideally, the
transformation of the information is so complicated that it is beyond
the economic means of an eavesdropper to reverse the process. The
eavesdropper is therefore not inclined to become an intruder who not
only would compromise the confidential nature of the stored
information, but also might engage in forgery, vandalism and theft. A
popular technique, known as public-key cryptography, relies on the use
of two keys - one to encode the information and another to decode it.
These keys are related in the sense that they serve to specify inverse
transformations; however, it is computationally infeasible to derive
one key from the other. That being the case, one of the keys can be
made public for improved convenience without compromising the security
of such a system. Applying public-key cryptography to the challenge of
excluding unauthorized persons seeking entry to a secure facility, the
party seeking entry would use his private key to encrypt (authenticate)
a message. The party receiving the encrypted message would use the
public key of the transmitter to decrypt the incoming message in order
to transform it to its original text. A discussion of such systems is
contained in the August, 1979 issue of Scientific American in an
article by Martin E. Hellman entitled "The Mathematics of Public-Key
Cryptography." An example of a public-key system is disclosed in U.S.
Patent 4,453,074 issued to S. B. Weinstein for a "Protection System for
Intelligent Cards." Unfortunately, in public-key systems, the party
receiving the encrypted message must maintain a database that contains
the public keys of all parties having authorization to enter the secure
facility.

One particularly promising system involves the use of a password along
with a smart card that exchanges data with an authentication device
during an authentication procedure. It is noted that the smart card
contains a processor and a memory; it is portable and frequently has
the shape of a conventional credit card. Security is improved by
requiring the holder of the smart card to remember a password. This
password can either be sent to the smart card, enabling it to exchange
data with the authentication device, or the password can be sent
directly to the authentication device itself. In either case, two
conditions must now be satisfied: something in the user's head and
something in the user's hand.

A known system stores an identification (ID) number within each smart
card which is transmitted to the authentication device in order to
commence the authentication procedure. The authentication device
scrutinizes the ID number to determine whether it corresponds to a
presently valid ID number and then commences the authentication
procedure only when the result is affirmative. Such a system as set out
in the preamble of claims 1 and 9 is disclosed in U.S. Patent
4,471,216. While personal identification numbers additionally offer the
ability to improve flexibility (e.g., expiration date may be built into
the ID itself), the storage of each individual ID number in the
authentication device requires significant memory space. For example,
storing 25,000 user keys, each 8 bytes long, requires 200K bytes of
memory. Further, each time a new smart card is issued, the memory of
the authentication device must be updated to recognize it. This is
particularly impractical in a distributed system where, for example,
the authentication device is used in connection with room or building
access. Even when the authentication device comprises a host computer
that is easily updated, it is undesirable from a security standpoint to
store all ID numbers therein because they might be compromised if
someone found a way to break into the computer.

Summary of the Invention 

A security system includes a portable object, such as a smart card, and
an authentication device for electrically interacting with the portable
object to regulate access to a secure facility. An identification
number (ID)_n is presented to the authentication device which uses an
encryption algorithm, E_1, to convert it into a secret code S_n. The
authentication device also generates a challenge number, C, which is
transmitted to the portable object. Stored within the portable object
is secret code S_n and encryption algorithm E_2 which are used together
with the challenge number C to create a response signal R_n. Stored
within the authentication device is encryption algorithm E_2, which is
used together with secret code S_n and the challenge number C to create
response signal R'_n. A favorable comparison between R_n and R'_n is
necessary to gain access to the secure facility.

In an illustrative embodiment of the invention, E_1 and E_2 are
identical processes that use different master strings (secret keys) to
transform a first binary number into a second binary number. Knowledge
of the encryption algorithm, however, is insufficient for an intruder
to determine the master string. The present invention illustratively
uses the Data Encryption Standard (DES) in the implementation of E_1
and E_2.

In a preferred embodiment of the invention, challenge number C is a
64-bit random number. Such numbers are generally non-repeating and
enhance security by virtue of their non-predictable character.

The present invention advantageously regulates access to any one of a
number of protected resources including information, cash, and physical
entry into a facility without requiring the transmission of secret
information across an interface. Importantly, the present invention
eliminates the need to store and administer identification information
regarding each user entitled to access to the protected resources.

It is a feature of the present invention that multiple secret codes are
easily stored within a smart card, each providing access to a different
facility, or backup access to the same facility in the event of a
security breach (e.g., the master string becomes known). In the
situation that security is breached, new secret codes can be derived at
the authentication device by merely using a new master string. Such new
secret codes would have already been stored within each smart card at
the time of issue as a precautionary measure. Thus, should security
become compromised, new smart cards do not need to be issued.

These and other features of the present invention will be more fully
understood when reference is made to the detailed description and
associated drawing.

Brief Description of the Drawing 

FIG. 1 is a flow diagram illustrating the various steps performed in
practicing the invention;
FIG. 2 is a flow diagram of the enciphering computation of the Data
Encryption Standard;
FIG. 3 is a block diagram that illustrates the calculation of f(R,K)
used in the Data Encryption Standard;
FIG. 4 discloses selection table S_1 used in the Data Encryption
Standard;
FIG. 5 is a block diagram representation of the major functional
components of a smart card system and their general interconnection
with each other;
FIG. 6 illustrates use of the present invention in a computer access
security system in accordance with the invention;
FIG. 7 illustrates use of the present invention in a premises access
security system in accordance with the invention;
FIG. 8 discloses the functional components of a door lock such as used
in connection with FIG. 7;
FIG. 9 illustrates the structure of a master string used in the
encryption process;
FIG. 10 illustrates the structure of a challenge signal including
information regarding the selection of the secret code to be used
during the encryption process; and
FIG. 11 discloses a pseudo-random number generator suitable for use as
a challenge number generator.

Detailed Description

GENERAL 

Referring to FIG. 1, there is disclosed a diagram which illustrates the
salient features of the invention in modified flow chart form. The
mechanical analog of a key and a lock is useful in connection with FIG.
1 because smart card 500 functions as a key and authentication device
700 functions as a lock. Since the authentication process requires
activity on the part of both the smart card and the authentication
device, the activity associated with each part is segregated to assist
the reader in understanding the invention. Although not required in the
practice of the invention, security is enhanced by requiring the holder
of the smart card to enter a password into the smart card, enabling it
to commence the authentication process by transmitting a personal
identification number (ID)_n to authentication device 700.
Alternatively, the holder of the smart card could directly transmit
(ID)_n to the authentication device 700. In either case, the following
steps describe the authentication process: (1) In response to the
receipt of a signal such as (ID)_n, box 740 recognizes the signal and
initiates the generation of a challenge number. Additionally, secret
code S_n is created (box 710) using encryption algorithm E_1 (box 730)
and the proffered personal identification number (ID)_n. (2) Challenge
number C is generated (box 750), transmitted to smart card 500, and
used internally (box 720). Note that a valid ID number is not required
to initiate the generation of a challenge number - a feature that helps
preserve confidentiality of the ID number. (3) Both the smart card 500
and the authentication device 700 (box 563 and box 720) calculate a
response (R_n and R'_n respectively) to the challenge number. Since
secret code S_n and encryption algorithm E_2 are contained in both the
smart card and in the authentication device, the responses should be
identical when compared (box 760). (4) Block 770 further enhances
security, with minimum inconvenience to the system administrator, by
testing whether the proffered (ID)_n corresponds to a lost or stolen
card. The list of such cards is presumably small and is seldom updated.
Once all of the above steps have been successfully completed, access to
the computer is granted, a door is opened, a credit transaction is
validated, or cash is delivered, etc.

The various boxes need not reside within the particular device as shown
in FIG. 1. For example, in a number of applications, the challenge
number generator can be located within the smart card while still
preserving the benefits of the invention. Indeed, in the peer-to-peer
authentication application described hereinafter, each smart card
contains a challenge number generator, means for comparing response
numbers, and the E_1 algorithm including a master string. Further, user
interface 100 can be built into the smart card 500 or the
authentication device 700. It is an important advantage that the list
of valid ID numbers need not be stored within the authentication
device. It is sufficient that only the encryption algorithm E_1,
originally used to create S_n from (ID)_n, needs to be stored.

Stored within memory box 550 of smart card 500 is the above-identified
personal identification number (ID)_n that is unique to that card. Also
stored within box 550 are one or more secret codes S_n and encryption
algorithm E_2.

Secret code S_n comprises a plurality of binary digits stored in memory
that are not accessible from outside the card. Further, S_n is written
into memory at a time when the ID number is first assigned by the card
issuer. S_n is linked to a particular personal identification number,
designated (ID)_n, by the functional relationship S_n = E_1(ID)_n. What
this means is that encryption algorithm E_1 maps each unique personal
identification number into a unique secret code. As a practical matter,
a secret computer program transforms input signal (ID)_n into output
signal S_n. It is the use of this particular transformation that
eliminates the need to store individual ID numbers. More will be said
about this later.

Encryption algorithm E_2 is a computer program executed by a
microprocessor. It is jointly responsive to secret code S_n and to
input binary data signal C for generating an output binary data signal
R_n. Computation of R_n is indicated in box 563 where C is the
challenge number and R_n is the response. For improved security, C is a
large non-repeating number so that an intruder making a large number of
observations of the challenge and response will never learn the manner
by which they are related. So long as C and S_n are finite, however, it
is theoretically possible for the determined intruder to learn the
correct response to all challenges. Nevertheless, with a moderate
length secret code, say 64 bits, there are approximately 18 x 10^18
possible unique secret code combinations. Even with a computer aided
lockpick that tried 10 billion different combinations every second, it
would take 57 years to examine all combinations. This period could be
lengthened substantially if additional delay, say 1 second, was
introduced between challenge and response. By way of example, and not
limitation, C may be a random number, pseudo-random number, or even a
time clock (year: month: day: hour: seconds: tenths: etc.).

Stored in box 770 are the ID numbers of lost and stolen cards as well
as numbers that have expired or, for one reason or another, no longer
have permission to access the facility. Advantageously, even though the
authentication device "knows" at the outset that the proffered ID
number is unacceptable, access to the facility is not denied until the
entire process has been completed. Thus, only minimum information is
given to potential intruders. Storing a list of unacceptable ID numbers
allows customization with minimum susceptibility to fraud. There is
little or no incentive to increase the list of unacceptable ID numbers;
while on the other hand, a great temptation exists to fraudulently
increase the list of acceptable ID numbers - a temptation that the
present invention eliminates.

DATA ENCRYPTION STANDARD (DES) 

The purpose of any encryption algorithm is to convert confidential
information (data) into a form that renders it unreadable to all except
those who know how to decode the message. One simple technique involves
substituting one letter of the alphabet with another for each of the
letters. Such encryptions, however, are relatively easy to decrypt,
even for the unsophisticated intruder. More complex techniques have
arisen over the years to stay ahead of unsolicited decryption experts,
and the art has progressed to the point that techniques exist that are
so good that it no longer makes sense to try to unravel an encryption
signal. One such technique that has gained wide acceptance is the Data
Encryption Standard (DES) that is intended for implementation in
special purpose electronic devices. In 1977, the National Bureau of
Standards (now NIST) issued DES as a Federal standard, and the National
Security Agency has certified new products using the standard. While a
relatively brief discussion of the application of DES to the invention
is set forth below, a more comprehensive treatment is set forth in the
January 15, 1977 Federal Information Processing Standards Publication
46 (FIPS 46), entitled "Specifications for the Data Encryption
Standard."

DES is a private-key scheme in which both encrypting and decrypting
keys are identical and secret. DES operates on data in blocks of
64-bits, sending it through 16 stages of the algorithm before exiting
as a 64-bit cipher text. Encryption relies heavily on proper management
of keys - the strings of characters that must be input to the
algorithms before encryption or decryption can take place. The present
invention does not require decryption, but rather relies on a
comparison between two encrypted signals. Encryption algorithms E_1 and
E_2 each use DES to achieve encryption; however, the data blocks and
keys are obtained from different sources. After a brief explanation of
DES is given, it will be applied to the present invention.

A flow diagram that illustrates the sequential operations performed in
the DES enciphering computation is shown in FIG. 2. Input box 201
comprises a 64-bit ordered set (vector) of binary digits whose order is
rearranged (permuted) according to a known pattern in an operation akin
to shuffling cards. The permuted block of 64-bits is now split into two
boxes 203 (L_0) and 204 (R_0), each comprising 32-bits in an operation
akin to cutting the cards. At this point, the card shuffling analogy
fails because mathematical operations 205 (modulo-2 addition) and 206
(cipher function f) are introduced along with key K. Values for K_1 ...
K_16 are selected in accordance with 16 different predetermined
schedules whereby each K_n comprises an ordered set of 48-bits chosen
from the 64-bit key.

For completeness, the operation of cipher function (f) is shown in FIG.
3 where the calculation f(R,K) is diagrammatically laid out. In this
figure, E denotes a function which takes a block of 32-bits as input
and yields a block of 48-bits as output. The E function is very similar
to the initial permutation of box 202, but now certain of the bits are
used more than once. These blocks of 48 bits, designated 303 and 304 in
FIG. 3, are combined by modulo-2 (exclusive or) addition in box 305.
Selection functions S_1, S_2, ... S_8 take a 6-bit input number and
deliver a 4-bit output number in accordance with a predetermined
selection table such as shown in FIG. 4 which discloses the S_1
function. For example, if S_1 is the function defined in this table and
B is a block of 6 bits, then S_1(B) is determined as follows: The first
and last bits of B represent, in base 2, a number in the range 0 to 3.
Let that number be i. The middle 4 bits of B represent, in base 2, a
number in the range 0 to 15. Let that number be j. Look up in the table
the number in the i'th row and j'th column. It is a number in the range
0 to 15 and is uniquely represented by a 4-bit block. That block is the
output S_1(B) of S_1 for the input B. Thus, for input 011011 the row is
01 (i.e., row 1) and the column is determined by 1101 (i.e., column
13). In row 1, column 13 the number 5 appears so that the output is
0101. Selection functions S_1, S_2, ... S_8 appear in the Appendix of
the above-mentioned publication FIPS 46.

Referring once again to FIG. 3, the permutation function P is
designated 306 and yields a 32-bit output (307) from a 32-bit input by
permuting the bits of the input block in accordance with table P, also
set forth in FIPS 46.

ENCRYPTION ALGORITHMS E_1 AND E_2

DES is now applied to encryption algorithm E_1 which is used to convert
(ID)_n into S_n. Note that when the smart card is issued, it comes
equipped with S_n already stored in its memory. Reference is now made
to FIG. 9 which illustrates the structure of the master string which
comprises 640-bits of secret data used by the encryption algorithm E_1.
The master string is interpreted as 10 separate characters (addressable
by digits 0-9), each having 64 bits of data. The ID number comprises a
block of 6 digits, each assuming some value between 0 and 9 inclusive.
In the following example, encryption algorithm E_1 operates on (ID)_n
(illustratively set equal to 327438) in the manner indicated. The first
operation requires that the third character of the master string be
combined with the second character of the master string in accordance
with the DES enciphering computation. This operation is denoted d(3,2)
where 3 is treated as the data block and 2 is treated as the key. The
operation performed is shown in FIG. 2 in which the 64-bit number
corresponding to the third character of the master string is used as
input 201, the 64-bit number corresponding to the second character of
the master string is used as K, and output 210 is a 64-bit number
(designated "A") that will be used in a second operation.

The second operation performed is similar to the first except that "A"
is combined with the seventh character of the master string in
accordance with the DES enciphering computation. This operation is
denoted by d(A,7) where A is a 64-bit number used as input 201, and the
64-bit number corresponding to the seventh character of the master
string is used as K. The operation performed is shown in FIG. 2 and
output 210 is a 64-bit number (designated "B") that will be used in a
third operation.

These operations continue until all of the digits of (ID)_n are used.
The last operation, d(D,8), results in a 64-bit number which is used as
the secret code S_n. Accordingly, in this example, encryption algorithm
E_1 uses the digits of (ID)_n to index characters of the master string.
The DES enciphering computation shuffles these secret keys in a known,
but non-reversible, manner to generate S_n.

DES is now applied to encryption algorithm E_2 which is used to convert
S_n and C into a response number R_n (within the smart card), or R'_n
(within the authentication device). S_n and C each comprise a 64-bit
number which makes them ideally suited for the encryption computation
shown in FIG. 2. Indeed, S_n and C are "shuffled" in accordance with
the DES enciphering computation described above (see FIG. 2), and
output box 210 now contains a 64-bit number designated R_n or R'_n.
These numbers are thereafter compared, and when they are identical the
smart card is deemed to be authenticated. Although the DES enciphering
computation is illustratively shown, it is understood that other
enciphering computations, having greater or lesser complexity, may be
used without departing from the spirit of the invention.
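
The derivation of the secret code by the first algorithm and the challenge-response exchange of FIG. 1, as an added sketch that is not part of the patent text. It assumes HMAC-SHA256 truncated to 64 bits as a stand-in for the DES enciphering computation d(data, key), that C is the data block and the secret code is the key in the second algorithm, and a constructed master string; all class and function names are illustrative.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # secret code, challenge and each master-string character are 64 bits


def d(data, key):
    """Stand-in for the DES enciphering computation d(data, key).

    ASSUMPTION: HMAC-SHA256 truncated to 64 bits replaces DES so the sketch
    runs on the standard library; it is keyed and one-way, as the text requires.
    """
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def make_constructed_master():
    """Constructed 640-bit master string: 10 characters of 64 bits each."""
    return [hashlib.sha256(b"constructed master %d" % i).digest()[:BLOCK]
            for i in range(10)]


def e1(id_digits, master):
    """First algorithm: secret code from the ID digits. For 327438 the chain is
    d(3,2)=A, d(A,7)=B, d(B,4)=C, d(C,3)=D, d(D,8)=secret code."""
    if len(id_digits) != 6 or not (id_digits.isascii() and id_digits.isdigit()):
        raise ValueError("ID must be 6 decimal digits")
    state = master[int(id_digits[0])]      # first digit selects the data block
    for digit in id_digits[1:]:            # each later digit selects a key
        state = d(state, master[int(digit)])
    return state


def e2(secret_code, challenge):
    """Second algorithm: response. ASSUMPTION: C is data, secret code is key."""
    return d(challenge, secret_code)


class SmartCard:
    """The key: holds its ID and secret code, never reveals the code."""

    def __init__(self, id_digits, secret_code):
        self.id_digits = id_digits
        self._secret_code = secret_code

    def respond(self, challenge):          # box 563
        return e2(self._secret_code, challenge)


def issue_card(id_digits, master):
    """Card issuer: writes the derived secret code into the card once."""
    return SmartCard(id_digits, e1(id_digits, master))


class AuthDevice:
    """The lock: stores the master string and a short revocation list only."""

    def __init__(self, master, revoked=()):
        self._master = master
        self._revoked = set(revoked)

    def authenticate(self, card):
        claimed = card.id_digits
        # Box 750: a challenge is issued for any proffered ID, valid or not.
        challenge = secrets.token_bytes(BLOCK)
        try:
            # Boxes 710/730 and 720: re-derive the code, compute own response.
            expected = e2(e1(claimed, self._master), challenge)
        except ValueError:
            expected = secrets.token_bytes(BLOCK)  # malformed ID cannot match
        response = card.respond(challenge)
        match = hmac.compare_digest(response, expected)   # box 760
        # Box 770: the revocation list is consulted only after the full
        # exchange, so a rejected ID looks the same as a wrong response.
        not_revoked = claimed not in self._revoked
        return match and not_revoked


def run_demo():
    master = make_constructed_master()
    card = issue_card("327438", master)
    forged = SmartCard("327438", bytes(BLOCK))     # right ID, wrong secret code
    return {
        "genuine": AuthDevice(master).authenticate(card),
        "forged": AuthDevice(master).authenticate(forged),
        "revoked": AuthDevice(master, revoked={"327438"}).authenticate(card),
    }


if __name__ == "__main__":
    print(run_demo())
```

The authentication device holds only the 80-byte master string and the revocation list; no per-user record is consulted at any point.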

CHALLENGE NUMBER GENERATOR 

There are many techniques for generating suitable challenge numbers.
Ideally such numbers are long, non-predictable, non-repeating and
random. One known technique involves periodically sampling the polarity
of a noise source, such as an avalanche diode, whose average dc output
voltage is zero. As discussed above, the challenge number generator 750
(FIG. 1) may generate a random number, a pseudo-random number, or even
a predictable number - depending on the degree of security warranted in
the given application. One challenge number generator is shown in FIG.
11 which provides a pseudo-random number at its serial data output. The
generator comprises a 64-stage shift register whose output is modulo-2
combined (via Exclusive-OR gates 111, 112) with various of its stages
and then fed back to the input of the generator. Although the serial
data output pattern is very long (potentially generating all possible
combinations of 64 bits), it eventually repeats itself. Nevertheless,
by accelerating the clock rate at times when a challenge number is not
needed, it would be most difficult to predict which particular
combination of 64 bits was coming next.

The randomness of the challenge number is further improved by using the
DES enciphering computation shown in FIG. 2. Here, the Parallel Data
Output (X_0, ... X_63) of the pseudo-random number generator shown in
FIG. 11 is used as input 201 in FIG. 2, while one character of the
secret master string is used in obtaining the various values for K.
Recall that values for K_1 ... K_16 are selected in accordance with 16
different predetermined schedules whereby each K_n comprises an ordered
set of 48-bits chosen from a 64-bit key. Since the software needed to
implement DES, or the particular encryption algorithm used, is already
in place in both the smart card and in the authentication device, it is
cost effective to use it in connection with the generation of a
challenge number. Indeed, if DES is used in forming the challenge
number, it would be sufficient to increment a register each time a new
challenge number is needed, and then use that number, rather than X_0,
... X_63, as input 201 in FIG. 2.
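
A software model of the FIG. 11 shift register and of the enciphering step described above, added here as an illustration and not taken from the patent. The tap positions (the page does not give them), the seed, the keys and the HMAC-SHA256 stand-in for the DES computation are assumptions.

```python
import hashlib
import hmac

MASK64 = (1 << 64) - 1
# ASSUMPTION: the page only says "various of its stages"; stages 64, 63, 61
# and 60 are a commonly tabulated tap set for a 64-stage register.
TAPS = (64, 63, 61, 60)


def d(data, key):
    """ASSUMPTION: HMAC-SHA256 truncated to 64 bits stands in for DES."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class ShiftRegister64:
    """64-stage shift register with Exclusive-OR feedback into stage 1."""

    def __init__(self, seed):
        if seed & MASK64 == 0:
            raise ValueError("the all-zero state never changes")
        self.state = seed & MASK64

    def clock(self):
        """Shift once and return the serial data output bit (stage 64)."""
        feedback = 0
        for tap in TAPS:
            feedback ^= (self.state >> (tap - 1)) & 1
        out = (self.state >> 63) & 1
        self.state = ((self.state << 1) | feedback) & MASK64
        return out

    def parallel_output(self):
        return self.state.to_bytes(8, "big")


def raw_output_is_reproducible(seed, blocks=4):
    """The register holds no secret: a copy loaded with one observed parallel
    output produces every later output, which is why the text enciphers it."""
    original = ShiftRegister64(seed)
    copy = ShiftRegister64(int.from_bytes(original.parallel_output(), "big"))
    for _ in range(blocks):
        for _ in range(64):
            original.clock()
            copy.clock()
        if original.parallel_output() != copy.parallel_output():
            return False
    return True


class ChallengeGenerator:
    """Register output enciphered under one secret master-string character."""

    def __init__(self, seed, key):
        self._register = ShiftRegister64(seed)
        self._key = key

    def idle(self, clocks):
        """Free-run the register between requests (the accelerated clock)."""
        for _ in range(clocks):
            self._register.clock()

    def next_challenge(self):
        for _ in range(64):                 # shift in a fresh 64-bit pattern
            self._register.clock()
        return d(self._register.parallel_output(), self._key)


class CounterChallengeGenerator:
    """The simpler variant from the text: encipher an incrementing register."""

    def __init__(self, key, start=0):
        self._key = key
        self._count = start

    def next_challenge(self):
        self._count = (self._count + 1) & MASK64
        return d(self._count.to_bytes(8, "big"), self._key)


if __name__ == "__main__":
    gen = ChallengeGenerator(0x0123456789ABCDEF, b"constructed key A")
    print(raw_output_is_reproducible(0x0123456789ABCDEF), gen.next_challenge().hex())
```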

SMART CARD

Referring now to FIG. 5 there is disclosed a block diagram of a smart
card 500 and a reader/writer unit 900 such as used in connection with
the present invention. Although shown in greater detail in U.S. Patent
4,798,322, a brief description is presented here. Some of the principal
components located on smart card 500 are microprocessor 560,
electrically erasable programmable read-only memory (EEPROM) 550,
analog interface circuit 540, secondary winding 521 of transformer 920,
and capacitive plates 541-544.

Microprocessor 560 includes a central processing unit and memory means
in the form of random access memory and read-only memory. A
microprocessor available from Intel Corporation such as Part No. 80C51
may be used with the proper programming. Operating under firmware
control provided by its internal read-only memory, the microprocessor
560 formats data to the EEPROM 550 and to the reader/writer unit 900
via the analog interface circuit 540. EEPROMS are available from a
number of suppliers, many of whom are mentioned in an article entitled
"Are EEPROMS Finally Ready to Take Off?" by J. Robert Lineback,
Electronics, Vol 59, No. 7, (Feb 17, 1986), pp. 40-41. Data may be
written to or used from an EEPROM repeatedly while operating power is
being applied. When operating power is removed, any changes made to the
data in the EEPROM remain and are retrievable whenever the smart card
500 is again powered.

The analog interface circuit 540 provides a means for interfacing smart
card 500 with reader/writer unit 900. Within analog interface 540 are
circuits responsive to capacitors 541-544, for exchanging data with
reader/writer unit 900. Power for operating the card 500 is provided to
the analog interface circuit 540 via inductive transfer, received by
the secondary winding 521 of transformer 920. This transformer is
formed when secondary winding 521 is coupled to a primary winding 921
within the reader/writer unit 900. The transformer 920 may
advantageously include a ferrite core 922 in the reader/writer for
increased coupling between the transformer primary winding 921 and
secondary winding 521. A second such core 522 may also be included in
the transformer 920 to further increase coupling efficiency. The
primary winding 921 is driven at a 1.8432 MHz rate by power supply 930
whose operation is described with particularity in U.S. Patent
4,802,080 issued January 31, 1989.

Within the reader/writer unit 900, analog interface circuit 940
exchanges data with the smart card 500 under control of microprocessor
960. Capacitor plates 941-944 are aligned with the mating capacitor
plates 541-544 within the smart card 500. The input/output serial data
interface 950 is basically a universal asynchronous receiver
transmitter (UART) which may be advantageously included in the
microprocessor 960. This UART is used for externally communicating with
a suitably configured application station 990.

Application station 990 represents any one of a variety of stations,
terminals or machines capable of interacting with the reader/writer
unit 900 for the purpose of selectively granting access to the
resources which it controls such as cash, premises access, information
in a computer, credit authorization for a telephone call or the
purchase of goods, etc. Stored within the application station is the
computational power to carry out the authentication procedure disclosed
in FIG. 1. Reader/writer unit 900 may itself be part of the application
station 990 and its microprocessor 960, when provided with sufficient
memory, is suited to carry out the authentication procedure. Also
stored within the application station is the appropriate hardware to
open a lock or remit cash. Such hardware is well known by those in the
particular art to which the application station pertains. A discussion
of certain of these applications follows.

APPLICATIONS 

Computer Access Security System 

FIG. 6 discloses one application of the present invention in a computer
access security system. In this system, terminal stations 101 and 102
provide access to host computer 600 so long as the user can be
authenticated. In one situation, the user inserts his smart card 501
into a terminal security server (TSS) 610 for the purpose of verifying
that he is entitled to access host computer 600. Modems 641 and 643 are
frequently needed to adapt digital signals to transmission over public
switched network 650. At the host location, host security server (HSS)
630, together with host smart card 503, grants access only to
authorized users. In this application, TSS 610 includes a reader/writer
unit 900 such as shown in FIG. 5, that interacts with smart card 501 to
exchange electrical signals between the smart card and a particular
application station. The user transmits his password to smart card 501
via terminal station 101 which commences the authentication process
with HSS 630 and host smart card 503. Security is improved by storing
the authentication algorithms and master strings within smart card 503
rather than in the host computer. Whereas a super-user might be able to
access secret codes stored within the host computer 600, the host smart
card is configured to only grant or deny access; secret information
within the card 503 is not available to anyone after it has been
entered. Since individual user ID numbers do not have to be stored in
the present invention, it is possible to handle the authentication of
vast numbers of users with minimal storage so that smart cards using
EEPROMS of moderate size, say 2048 bytes, are adequate for the task.
The authentication process performed in this application is the same as
discussed above using DES or another suitable enciphering computation.

Variations of this system include the situation 

20 where the TSS 61 0 is replaced by a portable security 
server (PSS) 620. Here, the user types his identifica- 
tion number (ID) n into terminal station 102. (ID) n is 
then transmitted to HSS 630 which includes host 
smart card 503. HSS 630 returns a challenge number 

25 which is displayed on terminal station 102. The user 
then enters this challenge number into PSS 620 using 
keys 622. Contained within PSS 620 is smart card 
502 which stores secret code S n and encryption algo- 
rithm E 2 . It computes a response R n to the challenge 

30 number and displays it on liquid crystal display 621. 
Thereafter, the user enters R n into terminal station 
1 02 and awaits access to host computer 600. Clearly, 
each terminal station 101,102 could contain the 
equipment presently housed within TSS 610 or PSS 

35 620. 

Premises Access Security System 

An important application of the present invention is in connection with
the replacement of conventional door locks and mechanical keys where
high security is important. Smart cards are useful in this application
because they can be selectively revoked and adapted for use only during
predetermined hours. Further, they can be programmed to commence or
expire on certain dates. The present invention is particularly
advantageous in such a distributed system because the identity of each
newly authorized user does not have to be communicated to each lock,
although information regarding users no longer having authorization
must be so communicated. The security of microwave "huts," which
control vital junction points in the national telecommunication
network, is of critical importance. Such locations warrant greater
protection than easily duplicated mechanical keys can offer.

An example of a premises access security system is shown in FIG. 7
which illustrates another application of the present invention. Door
830 provides entry to a secure location such as a room or a building.
Outside handle 850 does not normally operate the lock, but is provided
merely for conveniently pushing or pulling on the door once the lock is
open. A bolt assembly is driven by an inside handle (not shown) and
includes a protrusion 840 which engages a strike 995 positioned in the
door jamb. In the embodiment of FIG. 7, the strike itself is activated
to permit the opening and closing of the door. Alternatively, the bolt
within the door could have been controlled in accordance with the
invention. Lock 800 is positioned adjacent the door jamb on wall 820
and includes a slot 810 for inserting an electronic key.

Referring now to FIG. 8, additional detail is provided regarding the
hardware needed to support this particular application. In order to
obtain access, the user first inserts his key 500 (smart card) into
slot 810 (see FIG. 7) of lock 800. Once the key 500 is in contact with
reader/writer unit 900, as discussed in connection with FIG. 5,
authentication can begin. The user enters his password using the
switches 120 on user interface 100 which is transferred to key 500 via
reader/writer unit 900. If the entered password matches the password
stored in memory 550 of key 500, then the key transmits its
identification number (ID)_n to application station 990, and more
particularly to authentication device 700 which carries out the
authentication procedure discussed in connection with FIG. 1. In the
event that the key is authenticated, processor 760 delivers a pulse to
relay driver 770 which activates relay 780 thereby closing contact K1.
Power is now applied to electric strike 995 which enables the door to
be pulled open. A suitable transducer for carrying out this function is
the Model 712 Electric Strike, manufactured by Folger Adam Co. that
requires 12 volts DC at 0.3 amperes. Information regarding door entry
may be delivered to the user on display 110 of the user interface 100.
Such information might include prompts for using the system, a message
that the key has expired or that the password should be re-entered.
Processor 760 includes memory for storing encryption algorithms E_1 and
E_2 as well as a list of lost/stolen keys and those ID numbers that
have been granted access to the facility over some time period. Such
information can be delivered to, and displayed on, user interface 100
when properly commanded.

Multiple Secret Codes 

In accordance with the present invention, the smart card may be used in
connection with a plurality of authentication devices in which each
device grants access to a different user population. This is made
possible by storing a plurality of secret codes within each smart card
- very much like having a number of different keys on a single key
ring. Knowing which secret code to use is communicated to the smart
card when the challenge is delivered. Recall that challenge C comprises
a 64-bit (8 byte) random number in the preferred embodiment. An
additional byte (header) is added to the challenge, as shown in FIG.
10, that selects one of the secret codes S_n stored within the memory
of the smart card. Here, the header corresponds to the address of the
particular secret code to be used in providing the correct response to
the challenge. An 8-bit header accommodates 256 different secret codes,
many of which may be used to enhance the security of a single
authentication device. Perhaps 2 or 3 different challenges might be
issued in an extremely high security application. In situations where
64 bits of random data are not necessary, various bit positions of the
challenge number can be dedicated to identifying the particular secret
code to be used.
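
The header-selected challenge and the derived secret codes described above, as an added example that is not part of the patent text. HMAC-SHA-256 stands in for DES as both E_1 and E_2 (the Python standard library has no DES), and every class name, function name, ID and master string is an assumption constructed for illustration.

```python
import hashlib
import hmac
import secrets

HEADER_LEN = 1      # selects which secret code the card must use
CHALLENGE_LEN = 8   # 64-bit random challenge C, as in the preferred embodiment


def e1(master_string: bytes, card_id: bytes) -> bytes:
    """E_1 stand-in (HMAC-SHA-256, not DES): S_n from master string and (ID)_n."""
    return hmac.new(master_string, b"E1|" + card_id, hashlib.sha256).digest()


def e2(secret_code: bytes, challenge: bytes) -> bytes:
    """E_2 stand-in (HMAC-SHA-256, not DES): response to C under S_n."""
    return hmac.new(secret_code, b"E2|" + challenge, hashlib.sha256).digest()


class SmartCard:
    """Holds (ID)_n and several secret codes, one per header value."""

    def __init__(self, card_id: bytes, secret_codes: dict):
        self.card_id = card_id
        self._secret_codes = dict(secret_codes)   # header -> S_n, never exported

    def respond(self, framed_challenge: bytes) -> bytes:
        if len(framed_challenge) != HEADER_LEN + CHALLENGE_LEN:
            raise ValueError("malformed challenge")
        header, challenge = framed_challenge[0], framed_challenge[1:]
        if header not in self._secret_codes:
            raise KeyError("no secret code stored for header 0x%02x" % header)
        return e2(self._secret_codes[header], challenge)


class AuthenticationDevice:
    """Stores one master string and a hot list, but no per-user records."""

    def __init__(self, header: int, master_string: bytes, hot_list=()):
        self.header = header
        self._master_string = master_string
        self.hot_list = set(hot_list)     # lost/stolen (ID)_n values
        self._pending = {}                # card_id -> outstanding challenge

    def challenge(self, card_id: bytes) -> bytes:
        c = secrets.token_bytes(CHALLENGE_LEN)
        self._pending[card_id] = c
        return bytes([self.header]) + c

    def verify(self, card_id: bytes, response: bytes) -> bool:
        c = self._pending.pop(card_id, None)      # each challenge is single-use
        if c is None or card_id in self.hot_list:
            return False
        expected = e2(e1(self._master_string, card_id), c)   # R'_n
        return hmac.compare_digest(expected, response)


def issue_card(card_id: bytes, master_strings: dict) -> SmartCard:
    """Issuer side: load S_n = E_1(master, (ID)_n) for each facility header."""
    return SmartCard(card_id, {h: e1(m, card_id) for h, m in master_strings.items()})


def demo() -> dict:
    # Constructed master strings for two facilities (headers 0x01 and 0x02).
    masters = {0x01: b"constructed-master-door", 0x02: b"constructed-master-host"}
    door = AuthenticationDevice(0x01, masters[0x01], hot_list={b"ID-0007"})
    host = AuthenticationDevice(0x02, masters[0x02])
    card = issue_card(b"ID-0042", masters)
    stolen = issue_card(b"ID-0007", masters)
    results = {}
    results["door"] = door.verify(card.card_id, card.respond(door.challenge(card.card_id)))
    results["host"] = host.verify(card.card_id, card.respond(host.challenge(card.card_id)))
    results["revoked"] = door.verify(stolen.card_id, stolen.respond(door.challenge(stolen.card_id)))
    # Replay: a response captured for one challenge is offered for the next one.
    captured = card.respond(door.challenge(card.card_id))
    door.challenge(card.card_id)          # device issues a fresh challenge
    results["replay"] = door.verify(card.card_id, captured)
    return results


if __name__ == "__main__":
    print(demo())
```

The device recomputes S_n from the presented ID on every attempt, so enrolling a new card changes nothing on the device, while revoking one requires adding its ID to the hot list.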

Peer-to-Peer Authentication 

In a number of situations, it is desirable for au- 
thentication to proceed between two members of a 
population who desire to exchange secret information 
after the identity of each member is verified to the 
satisfaction of the other. The present invention is use- 
ful in this regard because it does not require storage 
of the identification numbers of all members of the 
population. However, each of the smart cards must
generate a challenge signal, store secret code S_n as
well as encryption algorithms E_1 and E_2, and compare
response numbers R_n with R'_n. Authentication
proceeds in a manner similar to the procedure of FIG.
1, except that the combined functions of smart card
500 and authentication device 700 are now contained 
within a single, more powerful smart card. After the 
first smart card authenticates itself to the second, the 
second smart card authenticates itself to the first. 
This assures the first user that he has reached the 
correct destination, and it assures the second user 
that the person seeking access is entitled to it. Since 
each smart card now carries the secret master string, 
security is potentially weakened. However, the mas- 
ter string is not retrievable from memory and cannot 
be determined by trial and error within a reasonable 
time. 

Modifications and variations of the present inven- 
tion are possible and include, but are not limited to, 
the following: (i) smart cards are portable devices that 
may assume any convenient shape; (ii) smart cards 
may include metallic contacts although the disclosed 
contactless interface offers great resistance to exter- 
nal contaminants and electrical discharge; (iii) chal- 
lenge numbers need not be random or even secret, al- 
though some degradation to security is inevitable; 
and (iv) encryption algorithms E_1 and E_2 may be less
complex than DES and may even be implemented in
hardware comprising no more than an Exclusive-OR
gate.

Claims

1. A system for controlling access to a secure facility, the system
including a portable object (500) and means for transferring data
between the portable object and the facility,

the facility comprising:

memory means (730) for storing an encryption algorithm (E_2);

means (750) for generating a challenge number (C);

means (710, 720) responsive to the challenge number (C) and to an
identification signal ((ID)_n) that identifies the particular portable
object (500) seeking to gain access to the facility and to said
encryption algorithm (E_2) for generating a first response signal
(R'_n);

means (760) for comparing said first response signal (R'_n) with a
second response signal (R_n) generated by the portable object, and for
providing an enabling signal when the comparison is favourable;

the portable object (500) comprising:

memory means for storing said encryption algorithm E_2; and

means (563) responsive to the challenge number (C) received from the
facility and to said encryption algorithm (E_2) for generating said
second response signal (R_n) and transmitting it to the facility;

CHARACTERISED IN THAT

the facility includes memory means for storing a further encryption
algorithm (E_1);

said means for generating the first response signal (R'_n) comprises:

means (710) responsive to said identification signal ((ID)_n) and to
said further encryption algorithm (E_1) for generating a secret code
(S_n);

means (720) responsive to the challenge number (C), to the secret code
(S_n) and to the first said encryption algorithm (E_2) for generating
the first response signal (R'_n);

in that the portable object (500) includes memory means (550) for
storing the secret code (S_n);

and in that, in the portable object (500), the means for generating the
second response signal (R_n) is further responsive to the secret code
(S_n).

2. The system of claim 1 wherein the facility further includes:

means for storing a list of identification numbers not entitled to
access the secure facility; and

means (770) for determining correspondence between the stored list of
identification numbers and the identification signal that identifies
the particular portable object seeking access to the facility, and for
denying access to the facility when such correspondence exists.

3. The system of claim 1 wherein the means (710) for generating the
secret code (S_n) comprises a first processor, jointly responsive to
the identification signal and to a secret master string, for executing
a predetermined sequence of steps in accordance with encryption
algorithm E_1.

4. The system of claim 1 wherein the means (720) for generating the
first response signal comprises a first processor, jointly responsive
to the secret code (S_n) and to the challenge number (C), for executing
a predetermined sequence of steps in accordance with encryption
algorithm E_2.

5. The system of claim 1 wherein the means (563) for generating the
second response signal comprises a second processor, responsive to the
secret code and to the challenge number, for executing a predetermined
sequence of steps in accordance with encryption algorithm E_2.

6. The system of claim 3 wherein encryption algorithm E_1 is a process
for encrypting data in accordance with the Data Encryption Standard.

7. The system of claim 5 wherein encryption algorithm E_2 is a process
for encrypting data in accordance with the Data Encryption Standard.

8. The system of claim 1 wherein the challenge number is substantially
random.

9. A method for testing the authenticity of a portable electronic
device (500) and for enabling access to a secure facility when the
portable electronic device is authentic, the method comprising the
steps of:

storing an encryption algorithm (E_2);

receiving an identification signal ((ID)_n) that identifies the
particular portable electronic device seeking access to the facility;

generating a challenge number (C) and transmitting same to the portable
electronic device;

generating a first response (R'_n) using said encryption algorithm
(E_2) responsive to the identification signal and the challenge number,

comparing the first response signal (R'_n) with a second response
signal (R_n) generated by the portable electronic device; and

enabling access to the secure facility when the comparison is
favorable, and

CHARACTERISED IN THAT

a further encryption algorithm (E_1) is stored; and the step of
generating the first response signal comprises:

generating a secret code (S_n) in accordance with said further
encryption algorithm (E_1) using the identification signal as an input;
and

generating the first response signal in accordance with the first said
encryption algorithm (E_2) using the secret code and the challenge
number as inputs.

10. The method of claim 9 further including the steps of:

storing a list of identification numbers not entitled to access the
facility; and

denying access to the facility when the received identification signal
corresponds to an identification number stored on the list of those not
entitled to such access.



Patent Claims

1. A system for controlling access to a secure facility, having a
portable object (500) and a device for transferring data between the
portable object and the secure facility, which comprises:

a memory device (730) for holding an encryption algorithm (E_2),

a device (750) for generating a challenge number (C),

a device (710, 720) which, in response to the challenge number (C), to
an identification signal ((ID)_n) that identifies the particular
portable object (500) seeking access to the secure facility, and to the
encryption algorithm (E_2), generates a first response signal (R'_n),

a device (760) for comparing the first response signal (R'_n) with a
second response signal (R_n) generated by the portable object and for
supplying an access signal when the comparison is positive,

wherein the portable object (500) comprises:

a memory device for holding the encryption algorithm (E_2) and

a device (563) which, in response to the challenge number (C) received
from the secure facility and to the encryption algorithm (E_2),
generates the second response signal (R_n) and transmits it to the
secure facility,

characterised in that

the secure facility contains a memory device for holding a further
encryption algorithm (E_1),

in that the device for generating the first response signal (R'_n)
comprises:

a device (710) which, in response to the identification signal
((ID)_n) and to the further encryption algorithm (E_1), generates a
secret code (S_n) and

a device (721) which, in response to the challenge number (C), the
secret code (S_n) and the first encryption algorithm (E_2), generates
the first response signal (R'_n),

in that the portable object (500) contains a memory device (550) for
holding the secret code (S_n) and in that the device for generating the
second response signal (R_n) in the portable object (500) is further
responsive to the secret code (S_n).

2. The system according to claim 1, in which the secure facility
further contains:

a device for storing a list of identification numbers without
authorisation for access to the secure facility and

a device (770) for determining the correspondence between the stored
list of identification numbers and the identification signal that
identifies the particular portable object seeking access to the
facility, and for denying access to the secure facility when such a
correspondence exists.

3. The system according to claim 1, in which the device (710) for
generating the secret code (S_n) comprises a processor which, in
response to the identification signal and a secret master string,
executes a predetermined sequence of steps in accordance with the
further encryption algorithm (E_1).

4. The system according to claim 1, in which the device (720) for
generating the first response signal comprises a first processor which,
in response to the secret code (S_n) and the challenge number (C),
executes a predetermined sequence of steps in accordance with the
encryption algorithm (E_2).

5. The system according to claim 1, in which the device (563) for
generating the second response signal comprises a second processor
which, in response to the secret code and the challenge number,
executes a predetermined sequence of steps in accordance with the
encryption algorithm (E_2).

6. The system according to claim 3, in which the further encryption
algorithm (E_1) is a process for encrypting data in accordance with the
Data Encryption Standard.

7. The system according to claim 5, in which the encryption algorithm
(E_2) is a process for encrypting data in accordance with the Data
Encryption Standard.

8. The system according to claim 1, in which the challenge number is
essentially a random number.

9. A method for testing the authenticity of a portable electronic
device (500) and for granting access to a secure facility when the
portable electronic device is authentic, comprising the steps of:

storing an encryption algorithm (E_2),

receiving an identification signal ((ID)_n) that identifies the
particular portable electronic device seeking access to the secure
facility,

generating a challenge number (C) and transmitting this number to the
portable electronic device,

generating a first response signal (R'_n) using the encryption
algorithm (E_2) and in response to the identification signal and the
challenge number,

comparing the first response signal (R'_n) with a second response
signal (R_n) generated by the portable electronic device and

granting access to the secure facility when the comparison is positive,

characterised in that

a further encryption algorithm (E_1) is stored and the step of
generating the first response signal comprises the steps of:

generating a secret code (S_n) in accordance with the further
encryption algorithm (E_1) using the identification signal as input
signal and

generating the first response signal in accordance with the first
encryption algorithm (E_2) using the secret code and the challenge
number as input signals.

10. The method according to claim 9, further comprising the steps of:

storing a list of identification numbers that have no authorisation for
access to the secure facility and

denying access to the secure facility when the received identification
signal corresponds to an identification number stored in the list of
numbers not authorised for access.



Claims

1. A system for controlling access to a secure facility, the system
comprising a portable object (500) and means for transferring data
between the portable object and the facility,

the facility comprising:

a memory (730) for storing an encryption algorithm (E_2);

means (750) for generating a challenge number (C);

means (710, 720) responsive to the challenge number (C) and to an
identification signal ((ID)_n), which identifies the particular
portable object (500) seeking to obtain access to the facility, and to
the encryption algorithm (E_2), for generating a first response signal
(R'_n);

means (760) for comparing the first response signal (R'_n) with a
second response signal (R_n) generated by the portable object, and for
producing an enabling signal when the comparison is favourable;

the portable object (500) comprising:

a memory for storing the encryption algorithm E_2; and

means (563) responsive to the challenge number (C) received from the
facility and to the encryption algorithm (E_2) for generating the
second response signal (R_n) and transmitting it to the facility;

characterised in that

the facility comprises a memory for storing a second encryption
algorithm (E_1);

the means for generating the first response signal (R'_n) comprises:

means (710) responsive to the identification signal ((ID)_n) and to the
other encryption algorithm (E_1) for generating a secret code (S_n);
and

means (720) responsive to the challenge number (C), to the secret code
(S_n) and to the first encryption algorithm (E_2) for generating the
first response signal (R'_n);

in that the portable object (500) comprises a memory (550) for storing
the secret code (S_n);

and in that the means for generating the second response signal (R_n),
in the portable object (500), is further responsive to the secret code
(S_n).

2. The system according to claim 1, in which the facility further
comprises:

means for storing a list of identification numbers that are not
authorised to access the secure facility; and

means (770) for determining a correspondence between the stored list of
identification numbers and the identification signal that identifies
the particular portable object seeking access to the facility, and for
refusing access to the facility when this correspondence exists.

3. The system according to claim 1, in which the means (710) for
generating the secret code (S_n) comprises a first processor which is
jointly responsive to the identification signal and to a secret master
string for executing a predetermined sequence of steps in accordance
with the encryption algorithm

4. The system according to claim 1, in which the means (720) for
generating the first response signal comprises a first processor, which
is jointly responsive to the secret code (S_n) and to the challenge
number (C) for executing a predetermined sequence of steps in
accordance with the encryption algorithm E_2.

5. The system according to claim 1, in which the means (563) for
generating the second response signal comprises a second processor,
which is responsive to the secret code and to the challenge number, for
executing a predetermined sequence of steps in accordance with the
encryption algorithm E_2.

6. The system according to claim 3, in which the encryption algorithm
is a data encryption process conforming to the data encryption
standards known as the Data Encryption Standard.

7. The system according to claim 5, in which the encryption algorithm
E_2 is a data encryption process conforming to the data encryption
standards called the Data Encryption Standard.

8. The system according to claim 1, in which the challenge number is
substantially random.

9. A method for verifying the authenticity of a portable electronic
device (500) and for enabling access to a secure facility when the
portable electronic device is authentic, the method comprising the
steps of:

storing an encryption algorithm (E_2);

receiving an identification signal ((ID)_n) that identifies the
particular portable electronic device seeking access to the facility;

generating a challenge number (C) and transmitting it to the portable
electronic device;

generating a first response (R'_n) using the encryption algorithm (E_2)
responsive to the identification signal and to the challenge number,

comparing the first response signal (R'_n) with a second response
signal (R_n) generated by the portable electronic device; and

enabling access to the secure facility when the comparison is
favourable and

characterised in that

another encryption algorithm (E_1) is stored; and the step of
generating the first response signal consists in:

generating a secret code (S_n) in accordance with the other encryption
algorithm (E_1) using the identification signal as input; and

generating the first response signal in accordance with the first
encryption algorithm (E_2) using the secret code and the challenge
number as inputs.

10. The method according to claim 9, further including the steps of:

storing a list of identification numbers that are not authorised to
access the facility; and

refusing access to the facility when the received identification signal
corresponds to an identification number stored on the list of those to
which such access is not authorised.